38 lines
827 B
TypeScript
38 lines
827 B
TypeScript
import { authenticateUser, createJWT } from '~/server/utils/auth'
|
|
|
|
export default defineEventHandler(async (event) => {
|
|
const body = await readBody(event)
|
|
const { username, password } = body
|
|
|
|
if (!username || !password) {
|
|
throw createError({
|
|
statusCode: 400,
|
|
statusMessage: 'Username and password are required'
|
|
})
|
|
}
|
|
|
|
const user = await authenticateUser(username, password)
|
|
if (!user) {
|
|
throw createError({
|
|
statusCode: 401,
|
|
statusMessage: 'Invalid credentials'
|
|
})
|
|
}
|
|
|
|
const token = await createJWT(user)
|
|
|
|
setCookie(event, 'auth_token', token, {
|
|
httpOnly: false,
|
|
secure: process.env.NODE_ENV === 'production',
|
|
sameSite: 'strict',
|
|
maxAge: 7 * 24 * 60 * 60 // 7 days
|
|
})
|
|
|
|
return {
|
|
user: {
|
|
id: user.id,
|
|
username: user.username
|
|
}
|
|
}
|
|
})
|